UNCLASSIFIED

MEMORANDUM REPORT NUMBER IT-A-02-01
CLASSIFIED CONNECTIVITY PROGRAM:
PROGRESS AND CHALLENGES
February 2002

The Classified Connectivity Program (CCP) is an ongoing effort within the Department to deploy a standards-based, global network for classified information processing and communications to about 250 embassies and consulates overseas. The program is intended to assist the Department in meeting objectives in its Information Technology (IT) Strategic Plan, FY 2001-FY 2005, of supporting its international affairs and diplomatic mission with modern, robust, secure, and cost-effective IT solutions.

This report focuses on the Department’s strategy for implementing the CCP to modernize classified local area networks (C-LANs) at its overseas posts. Specific objectives of our review were to: (1) determine what, if any, security or operational problems are inherent in current C-LANs overseas; (2) assess the Department’s approach to planning and implementing its C-LAN systems modernization via the Classified Connectivity Program; and (3) identify what changes may be needed to the Department’s modernization initiative. The purpose, scope, and methodology for our review can be found at Appendix A.

RESULTS IN BRIEF
Since 1998, the Department has had an ongoing effort to institute up-to-date C-LAN equipment to help carry out the U.S. foreign affairs mission at about 250 of its diplomatic and consular posts.[1] The overwhelming majority of overseas posts have had no classified connectivity or inadequate support from outdated networks, which are increasingly difficult to maintain.
The Department’s initial approach to C-LAN modernization, however, was largely unstructured and with limited funding made minimal progress—completing only about 20 installations in 1998-99 in contrast to its original objective of 48 deployments per year over a 5-year period. The Secretary has made instituting up-to-date technology to support classified communications a high priority within the Department, spurring efforts to complete CCP deployments to all eligible posts by December 2003. Under the direction of the Program Management and Analysis (PMA) Division within the Bureau of Information Resource Management (IRM), the Department now has a disciplined CCP approach in place and is making continued progress toward meeting this priority objective. Since assuming responsibility for the project, PMA has completed an additional 55 deployments, for a total of 75 C-LAN modernizations as of September 2001.

[1] Some posts do not meet the requirements for classified processing and will not receive the modernized C-LAN equipment.

OIG Report No. IT-A-02-01, Classified Connectivity Program: Progress and Challenges – February 2002

Despite the Secretary’s priority emphasis, CCP implementation efforts have had a history of funding uncertainties that have challenged PMA’s ability to accomplish the project on schedule. Though program funding is currently back on track, CCP implementation remains challenged by issues with equipment procurements, deployment logistics, and delays in bandwidth installations that also pose potential risks for the program schedule.
The current project approach does not include a documented strategy for CCP certification and accreditation to help identify and manage systems security risks. Further, C-LAN deployments are not adequately supported by IT contingency plans to ensure business continuity in case of failures, disruptions, or emergencies that affect systems operations at overseas posts.

Provision of adequate and timely funding will help keep this priority program on schedule through its completion. The Department can also improve program planning to ensure that systems certification and accreditation are conducted, risks are effectively managed, and effective IT contingency strategies are in place to help safeguard classified information processing overseas. Such precautions are especially critical in the current environment of increasing systems security threats and in view of IT deficiencies we identified in recent OIG inspection reports and an assessment mandated by the Government Information Security Reform Act (GISRA).[2]

[2] Senior Management Attention Needed to Ensure Effective Implementation of the Government Information Security Reform Act, OIG Memorandum Report Number 01-IT-M-082, September 2001.

BACKGROUND
Since 1998, IRM has been working to institute a worldwide IT infrastructure to support routine and crisis processing of classified information. This program, formerly known as C-NT LAN[3] modernization, was restructured in October 1999 as the CCP within PMA. The CCP is the classified counterpart to A Logical Modernization Approach (ALMA), the recently completed project to install new servers and desktop computers for sensitive but unclassified processing at overseas missions. The CCP addresses the lack of classified connectivity at many posts, along with problems in other locations with existing Banyan local area networks that are based on older proprietary hardware and software and require inefficient user processes. The Banyan networks are also subject to extended outages and are increasingly difficult and costly to maintain. Replacement of the outdated classified client server infrastructure is not an option because Banyan is no longer supported by the designated supplier.

[3] The “NT” in the acronym refers to the Windows New Technology (NT) operating system on which the modernized C-LAN systems are based.

The entire C-LAN modernization effort involves installation of new classified networks at approximately 250 overseas locations by the end of 2003, at a total program cost of about $200 million. Of the approximately 250 locations, C-LAN equipment is being replaced at about 100 posts that have outdated Banyan or Classified Information Handling System equipment.[4] Classified connectivity is also being provided to 145 overseas missions that have had no classified systems or e-mail at all. Locations without classified connectivity have had to rely on other means, such as secure telephone, fax, and pouch mail, to conduct classified operations—an untenable situation in the current information age.
Many of these missions are located in politically sensitive and high-threat regions where rapid and secure communications are especially critical to ensure the security of American citizens abroad during a crisis.

Like ALMA, the CCP is implementing commercial off-the-shelf technology—specifically, Windows NT operating systems and new hardware, software applications, and networks—for classified processing and communications worldwide up to the secret level. The program is eliminating the need for the redundant gateways, technical support, and systems administrator training now in place just for the Banyan systems. Standard equipment deployments are intended to minimize the need for posts independently to implement a variety of incompatible systems—a situation that has become increasingly problematic. New or expanded capabilities supported by the classified program include office automation products, e-mail, browsing technology, and advanced firewall security and encryption technology. The program also includes faster telegraphic communications via CableXpress, a system for electronic cable distribution at the desktop. CCP facilitates centralized and regionalized storage of classified information, as well as selected data sharing among overseas missions and Federal agencies via the Secret Internet Protocol Router Network (SIPRNET), a program that uses classified Internet browsing technology.

[4] The Classified Information Handling System is hardware and software previously used within the Department for encrypting and transmitting classified telegrams over unclassified circuits.

REVIEW FINDINGS

IMPROVED APPROACH TO CCP IMPLEMENTATION
The Department has made several enhancements to its strategy for modernizing its C-LAN systems overseas. Institution of more disciplined practices, partnering with the functional and geographic bureaus, and adoption of more efficient processes are some of the key improvements identified in the project management approach.

Initial Approach to CCP Was Unstructured

From 1998 through 1999, IRM’s Messaging Systems Office, in partnership with the Office of Information Technology Infrastructure, LAN and WAN Services Division, managed the original CCP. The primary objective of the program at that time was to replace outdated Banyan classified networks at a rate of 48 overseas posts per year. IRM conducted surveys of overseas posts, purchased and installed equipment, and provided training. Theirs was largely an unstructured approach, with no established procedures, templates, or project management checklists. As a result, the entire process for a single C-LAN installation required as much as 3 to 7 months for completion. Given this, along with staffing and funding limitations, IRM deployed modern classified networks to a total of 20 locations overseas during the first 2 years of the program.

More Disciplined Program Management Approach

In October 1999, IRM’s Program Management and Analysis (PMA) Division assumed management responsibility for the C-LAN modernization effort.
Established as an offshoot of the ALMA program, PMA is currently responsible for large-scale deployment of the Department’s worldwide Information Technology Infrastructure. Currently, PMA is managing two other programs—ALMA Refresh, and Public Diplomacy “Almatization”—in addition to the classified network modernization program. In total, PMA manages about $47 million worth of IRM programs, all funded primarily from the Central Investment Fund.

Within 3 months of assuming C-LAN modernization responsibility, PMA reengineered the program, renaming it the CCP. PMA instilled discipline by applying generally accepted project management practices and required methodologies, such as Managing State Projects, to the CCP.
CCP implementation has been a complex undertaking involving the following activities:

•   Conducting initial e-mail surveys of over 200 posts to determine basic customer business requirements, followed by physical survey of each site to identify specific IT infrastructure requirements;

•   Developing 10 core configuration templates and corresponding cost models for C-LAN installations at overseas posts;

•   Conducting market surveys to establish vendor and technical criteria, identify potential vendor sources, and encourage competition among suppliers of commercial off-the-shelf, Tempest, and zoned equipment;

•   Obtaining formal design acceptance from posts and initiating equipment procurements to meet post configuration requirements;

•   Ensuring security planning and coordinating infrastructure and network support with relevant Department organizations;

•   Receiving, testing, integrating, and preparing computing equipment for classified pouch shipment overseas; and

•   Coordinating schedules and deploying teams to install C-LAN equipment at each target location.

CCP also involves coordination among many different activities and organizations. Including the regional bureaus in the project management decisionmaking process was one of the most constructive changes made to the program. Recognizing that the regional bureaus would benefit most from a deployment plan that considers the various criteria of individual posts (i.e., political sensitivities, available bandwidth, and IT and host nation infrastructure), PMA joined with the regional bureaus to develop a process whereby the bureaus prioritized overseas posts for C-LAN installations. PMA works to keep the bureaus involved and up-to-date on the C-LAN installation progress.
At times, PMA coordinates with regional bureaus and posts willing to provide funding of their own to help further C-LAN installations. For example, in FY 2000, the Bureau of European Affairs provided funding to the CCP for modernizations at 16 posts. At least three other embassies funded C-LAN installations to support their own operations or those of nearby consulates.

Further, PMA has established service level agreements to govern other cooperative arrangements. For example, an agreement with IRM’s LAN and WAN Services Division outlines this organization’s responsibility for conducting and documenting site surveys, preparing approved design packages, performing installations, designing formal architectural drawings, and coordinating installation activities with posts. PMA also signed service level agreements with the Foreign Service Institute’s School of Applied Information Technology to secure systems administrator and end-user training on the CableXpress application. Additionally, PMA holds periodic meetings with key organizational representatives to discuss cross-functional program issues, address infrastructure and network support issues, coordinate ongoing operations, and develop processes and policies for achieving program goals and objectives.

Throughout the CCP effort, PMA has sought to improve its project management approach, incorporating a number of innovations. For example, PMA applied lessons learned from life-cycle management of the ALMA program.
The division developed technical and financial databases of systems information for nearly all of the Department’s overseas sites. The financial database serves as a management information system for controlling the resources associated with the various IT modernization initiatives under PMA management. The technical database basically documents systems design. As such, it establishes a baseline to control systems configurations, guide systems upgrades, and support future systems implementations. The technical database serves as a web-based resource that program managers, technical personnel, and post officials can all access.

Further, PMA encouraged a competitive contracting environment, consolidated equipment and materiel requirements, and reduced the number of shipments, thereby producing real savings for each core system in comparison to C-LAN modernization costs under prior program management. In addition, PMA worked with acquisition officials to streamline the procurement process, including requesting quotes for equipment early in the planning process and purchasing the equipment as funding is released instead of waiting until they receive full funding. Further, PMA established a new facility to improve warehousing, integrating, and preparing C-LAN equipment for shipment.

CHALLENGES TO SUCCESSFUL CCP IMPLEMENTATION
The CCP is one of the Department’s top three priority IT initiatives. Though currently back on track, the CCP has had a history of funding uncertainties that have challenged its successful implementation. The program has also met with a number
of funding, logistical, and procurement challenges that have a direct impact on project implementation schedules. If not successfully overcome, such challenges could hinder project managers’ ability to complete C-LAN installations at all eligible posts by the December 2003 deadline.

Funding Delays Challenged the CCP Implementation Schedule

Adequate and timely funding has been a problem throughout the history of the CCP. Repeatedly the program has met with shortages or delays in funding that have hindered implementation. The following is a summary of CCP funding since the program’s inception:

•   FY 1998-99: The Department spent approximately $10.2 million on start-up activities and installation of new classified equipment at the first 20 locations. Much of this initial effort was done to replace legacy and outdated systems at a number of posts to help ensure that computers would continue to function properly after the January 1, 2000, date change. Apart from Year 2000 remediation efforts, the majority of the Department’s IT funding was devoted to operations and maintenance activities rather than to modernization initiatives.

•   FY 2000: Around the time that PMA assumed responsibility for the program, funding had diminished to $1.6 million carried over from the prior year and previous program management. By January 2000, PMA was forced to cut back on C-LAN modernization activities and terminate about 25 contract personnel. As a result, PMA completed only 3 CCP installations and limited work in many instances to establishing dial-up classified access for only those posts with no C-LAN capability at all.
    PMA ultimately received about $3.2 million in central investment funds to help sustain the program.

•   FY 2001: Again, the program received $3.2 million from the central investment fund, and an additional $5 million via the financial plan developed through the Department’s internal process for making budget allocation decisions.

The Secretary’s call for modernization of the Department’s IT systems to support diplomacy in the current information age has become the driving force for completing the CCP within the next 2 years. This priority was outlined in the President’s Budget for FY 2002, presented in February 2001. However, midyear funding presented a significant impediment to CCP progress in meeting this objective. Midyear funding refers to the delays experienced in receiving program funds as the Department works through its internal routine process of allocating funds from Congressional appropriations, which may not have been enacted until well into the fiscal year. Specifically, in early April 2001, PMA formally requested funds from IRM, FMP, and Bureau of Administration managers in the amount of $8.7 million by mid-April and $16.3 million by early July 2001. PMA officials stated that the amounts and the timing specified for funding were necessary to “kick start” phase two of the CCP to meet their ambitious 2-year installation schedule.
However, PMA did not receive the approximately $26 million in requested funding until the mid-June to July 2001 time period, requiring that the division compress the program schedule to compensate for the funding date change.

According to PMA officials, when they do not get the funds needed on time and in the amounts specified, planning for this complex program “falls apart.” Specifically, the 2-month funding delay meant redoing plans and postponing critical CCP activities, such as site surveys and corresponding development of approved design packages for post installations. Procurements of Tempest and zoned equipment, which already typically require lead times of 90 to 120 days, were pushed further out.[5] Readiness of the new facility acquired for warehousing, integrating, and packing and crating of C-LAN equipment in preparation for shipment was also slowed.

As of September 2001, CCP funding was on track given receipt of the $26 million in funding during the preceding summer. Despite prior years’ budget uncertainties, the funding outlook for the CCP in FY 2002 appears positive. By conference agreement on November 9, 2001, the Congress appropriated funds for Department programs. The agreement specifies approximately $107 million for the replacement of computer and communications equipment that posts use for classified operations. The Department is now preparing a financial plan, which it will use to allocate funds in accordance with Congressional direction.
The Under Secretary for Management will have responsibility for the final IT funding decisions based on recommendations of other senior managers in the Department.

[5] Tempest equipment is technology that has been designed or modified to suppress compromising signals and has been approved at the national level for U.S. classified information processing after undergoing specific tests. Zoning refers to the selection and placement of classified equipment within predetermined secure areas of a facility in order to contain radiated emanations.

Ongoing Risks to CCP Implementation Schedule

CCP progress is faced with various other risks, for which PMA has taken considerable countermeasures but has no definitive solutions. Specifically, as stated in monthly status reports to the Under Secretary for Management since June 2001, CCP progress could potentially be deterred by risks in the following areas:

•   Procurement: Contract and procurement procedures are cumbersome and slow, and there are a limited number of vendors with limited capacity to meet the increased volume of equipment delivery orders.

•   Logistics: Packing and crating operations are currently at peak capacity. It is not certain whether the current controlled pouch system will be able to accommodate an increase in surface shipments of 150,000 pounds per month, and pouch shipments by air are too expensive.

•   Space, Facilities, and Resources: The physical movement of goods currently requires six moves.
    Cleared storage, integration, and office space is at capacity and additional resources are required to make the new warehouse operational.

•   Hardware: Production has ceased on current, approved network encryption devices and the availability date remains unknown for successor devices.

•   Bandwidth: As of September 2001, over 30 posts still had less than the minimum requirement of 64 kilobytes per second of bandwidth. The Diplomatic Telecommunications Service Program Office (DTS-PO) is responsible for providing bandwidth needed to support C-LAN installations.

PMA officials discussed with us their remediation strategies for countering these risks. For example, PMA officials have worked with acquisition officials to identify multiple sources of supply and increase competition among vendors. They have also included supplier ability to deliver equipment on schedule as a criterion for contract award decisions, thereby better ensuring prompt deliveries and reducing the lead time needed for equipment procurements. The new warehouse and integration facility constructed to facilitate logistics management was completed on time and is already in use.

PMA officials told us that they had also stockpiled about 72 of the current, approved encryption devices to support CCP deployments through June 2002 and anticipate that the successor devices will be available shortly thereafter. In August 2001, IRM submitted requests to DTS-PO for additional bandwidth to support both the CCP and the OpenNet Plus Program, which is intended to provide Internet access at the desktop for Department users at locations worldwide.
Obtaining the minimum bandwidth needed for CCP is first priority. Posts for which providing bandwidth is most difficult will be last on the list to receive the modern C-LAN equipment, allowing added time for the bandwidth installations.

Further, PMA officials recognize their limitations to address risks regarding peak capacity packing and crating and shipping operations. Because they are not currently shipping, they do not know whether they will be able to meet increased deployment requirements. However, PMA officials said that they are planning ahead as much as possible and remain optimistic about meeting their ambitious CCP deployment schedule.

Current Status of CCP Installation Progress

Despite the challenges, the CCP effort continues to move forward. In addition to the 20 installations carried out under prior program management, PMA has completed 55 more installations, for a total of 75 C-LAN modernizations under CCP Phase I. This first phase of the program involves funding and activities from the program start in 1998 through about January 2002. CCP Phase II, scheduled to begin in mid-FY 2002, involves installing modern C-LAN at 180 additional posts and revisiting 10 other combination classified NT/Banyan LAN posts that require upgrades. Regional bureau priorities for installing C-LAN equipment at the first 50 posts scheduled under CCP Phase II are to be addressed starting in April 2002 and due to be completed by the end of FY 2002. C-LAN installations at the remainder of the approximately 250 candidate posts are due to be completed by December 2003.
The total cost for CCP implementation is estimated at about $200 million, including approximately $50 million in infrastructure support costs for such items as network management and bandwidth augmentation.

CCP SECURITY PLANNING NEEDS IMPROVEMENT
The Department lacks a documented approach for managing the security risks of modernized C-LAN equipment being deployed to its overseas posts. The Department’s IT contingency planning efforts also have not been adequate to help ensure that systems such as the new C-LAN are covered by strategies for continuing or restoring mission-critical operations in case of unexpected disruptions in service. Addressing these issues is essential, especially given general IT and C-LAN-specific security weaknesses OIG identified in various reports over the past 2 years.

No Definitive CCP Certification and Accreditation Strategy

The Department has not developed a definitive strategy for managing the security risks of its CCP deployments. As directed by various legislation and policy guidance,[6] executive departments and agencies are to establish processes for authorizing and ensuring the security of the IT systems that they implement. The National Information Assurance Certification and Accreditation Process (NIACAP) developed by the National Security Telecommunications and Information Systems Security Committee outlines a phased, risk-management framework for meeting these IT security requirements.[7] Specifically, the NIACAP outlines the minimum national standards, activities, general tasks, and management structure for systems certification and accreditation.
The NIACAP defines certification as the independent, technical review of a system to identify risks and ensure that the system meets Federal IT security requirements. Accreditation is the subsequent formal acceptance of the risks identified through certification and approval to operate the system, ensuring that the accredited security posture will be maintained throughout the system life cycle. The NIACAP directs that a System Security Authorization Agreement (SSAA) be initiated at the outset of an IT project to guide certification and accreditation activities and document agreements among responsible authorities.

The Bureau of Diplomatic Security (DS)—the Department’s certification authority—has not completed the steps needed to certify the classified Windows NT LAN in accordance with Federal requirements. In an April 1999 memorandum, DS approved IRM use of standard software to begin the CCP. DS provided the initial approval on the condition that all systems configurations and settings be performed as outlined in supporting documentation, and with the assumption that the required physical, personnel, and emanation security environments are established to support the system. Despite ongoing C-LAN deployments, DS has subsequently not worked to certify the system and ensure that these conditions and assumptions were fulfilled.

[6] Computer Security Act of 1987 (Public Law 100-235, as amended); Office of Management and Budget Circular A-130, Management of Federal Information Resources, Appendix III; and The Federal Information Processing Standard Publication 102, Guidelines for Computer Security Certification and Accreditation.

[7] The four phases of the NIACAP are definition, verification, validation, and post accreditation.
IT-A-02-01, Classified Connectivity Program: Progress and Challenges \xe2\x80\x93 February 2002       11 .\n\n                                       UNCLASSIFIED\n\x0c                                     UNCLASSIFIED\n\n\n\n            In recent discussions, DS officials told us that, as authorized by the NIACAP,\n       they plan to recommend a \xe2\x80\x9ctype accreditation\xe2\x80\x9d of the CCP configuration. As\n       defined in the NIACAP, a type accreditation evaluates an application or system that\n       is distributed to a number of different locations. As such, DS officials believe that a\n       type accreditation is appropriate for the CCP, which involves deploying a simple,\n       standard, hardware and software configuration to multiple posts worldwide. DS\n       officials stated that the type accreditation would be supported by a central SSAA,\n       with input by the PMA and various other organizations, as a basis for a final accredi-\n       tation decision.\n\n           Further, DS officials said that they would travel abroad to certify the C-LAN in\n       each overseas post environment, starting in late FY 2003. They said that the C-LAN\n       certifications overseas will be conducted in conjunction with certification and ac-\n       creditation for the OpenNet Plus program. Both the CCP and the OpenNet Plus\n       Program are based on standard hardware and software configurations using the same\n       telecommunications infrastructure, with the only differences being bandwidth\n       requirements and the classification levels of information. DS officials said that the\n       joint certification approach will involve assessments of all aspects of individual post\n       environments (i.e., physical, personnel, and technical) that could affect the security\n       of their classified information processing activities. 
DS officials indicated that post officials, such as the information management officer, regional security officer, or information systems security officer, who will be responsible for managing the operational systems, will also be responsible for developing the SSAAs to support systems certification and accreditation. DS officials stated that they would provide toolkits for posts to use in developing their SSAAs.

This overall certification and accreditation strategy may prove viable. However, we are concerned about certain aspects of the stated approach, such as delaying the C-LAN certification activities until FY 2003. According to the NIACAP, certification and accreditation of a system should be started at the beginning of a system’s life cycle. Though C-LAN deployments have been completed at 75 locations since 1998, DS has not worked to test, verify, and ultimately certify the security of the classified processing environments. Posts are responsible for management and routine reporting of classified information processing operations in accordance with existing internal Department guidance and DS routinely sends teams overseas to evaluate compliance. Lacking certification, however, there is no central oversight or in-depth assessments to identify technical or environmental security risks. Lacking accreditation, there is also no formal acceptance or accountability for managing those risks by site managers or chiefs of mission. In December 2001, DS officials said that, using existing resources, the type accreditation would likely be conducted in 2002. However, due to funding constraints, they said that post visits and certifications would probably not occur for at least another year and a half. DS officials said that they planned to include funds for post certification activities in their FY 2003 budget.

Further, we are concerned about the lack of an overall documented plan for carrying out the C-LAN certification approach. Discussions between OIG and responsible DS and IRM officials have yielded conflicting perspectives on how C-LAN certification and accreditation might be conducted. The only documented certification and accreditation plans we identified are for the OpenNet Plus project, outlining plans for testing and independent verification and validation of that system alone. The testing will be conducted as a prelude to certification and accreditation, at a cost of $30 million for DS and $7 million for IRM. In the absence of a clear, documented strategy, it is not certain what the certification and accreditation will include, how it will be conducted, and at what cost.

In late December 2001, DS officials told us that they were planning to hold their first meeting to outline a strategy that would include the CCP type accreditation as well as subsequent certification and accreditation for posts worldwide. They said that the strategy would include details on their planned certification and accreditation approach, ultimately for presentation to the designated approving authority. They expected to have a first draft of the strategy by March 2002. At the time of our meeting, DS officials had no plans to include IRM representatives in their discussions to develop the strategy.
We believe that IRM’s involvement will be essential since it is the organization responsible for accrediting the CCP based on DS’ certification recommendation. If not involved, the DS strategy might not provide all of the elements needed as a basis for the accreditation decision.

Federal requirements for systems certification and accreditation are not new, dating back to Federal Information Processing Standard 102, Guideline for Computer Security Certification and Accreditation, disseminated in September 1983. Since then, the Department has restated several times its commitment to complying with certification and accreditation requirements. However, to date, the Department has undertaken certification and accreditation of only 5 percent of the 370 major automated systems that OIG identified in our report on implementation of GISRA. The Department recently released Certification and Accreditation (C&A) Process, Version 1.0, August 2001, outlining its overall program for certifying and accrediting its IT systems. The process document is based on Department and National directives, including the NIACAP and National Institute of Standards and Technology guidance. When finalized, the document should strengthen the foundation for developing a well-defined C-LAN certification and accreditation strategy within the Department.

IT Contingency Planning Inadequate to Support CCP Implementation

The Department’s IT contingency planning efforts have not been adequate to help safeguard classified information systems and the critical business functions that they support in the event of unexpected disruptions at posts overseas.
As defined by the National Institute of Standards and Technology, an IT contingency is an event—such as a power outage, hardware failure, fire, or storm—with the potential to disrupt computer operations and the critical mission and business functions that they support. Office of Management and Budget Circular A-130 requires that agencies establish contingency plans for all major systems to ensure their ability to recover and provide service sufficient to meet the minimal needs of system users in the event of unplanned disruptions. The Office of Management and Budget also requires that agencies periodically test their contingency plans to ensure viability. The National Information Assurance Certification and Accreditation Process further requires that IT contingency plans be in place to support systems certification.

IT contingency planning involves the coordination of personnel and integration of a series of tasks, procedures, and information to direct actions for reducing confusion, improving communications, and achieving the timely continuation or resumption of business at the time of a disruption. IT contingency management strategies include a range of backup operations, remote data storage, communications rerouting, or alternate information processing capabilities. In accordance with foreign affairs guidance,8 contingency plans are to be coordinated with Emergency Action Plans, which embassies and consulates are required to have for emergencies of any kind.
Along with other requirements, IT contingency plans are also a critical element of the SSAA documentation required to support the systems certification and accreditation process.

8 Department of State Foreign Affairs Manual 12, section 622.3-2.

Given the classified nature of the information processed on the system, IT contingency planning should be critical to supporting CCP deployment. However, OIG found that the Department has not given sufficient focus and emphasis to this activity. Based on various OIG and DS information security evaluations at overseas posts in recent years, a significant number of posts do not have IT contingency plans in place. IRM officials that we met with estimated that as many as 85 to 90 percent of posts lack such plans. We found this to be the case despite the recent emphasis on contingency planning to support the Year 2000 date change less than 2 years ago. Further, there are currently multiple mechanisms in place for developing and implementing IT contingency plans.
For example, we identified at least three toolkits or programs available to support IT contingency planning, as follows.

•   The Diplomatic Security Training Center provides training for technical personnel on the development of Network Countermeasures Contingency Plans.

•   A contingency guide developed by IRM’s Office of Architecture, Planning, and Regulations is intended to help create cost-effective strategies for dealing with unexpected events.

•   IRM’s Systems Integrity Division is developing and testing tools for domestic organizations and overseas posts to implement IT contingency plans. IRM officials recently indicated that these tools will be used to support IT contingency planning as a prerequisite for obtaining OpenNet Plus capability.

The IT contingency planning programs that we identified emphasize different aspects of IT contingency planning. For example, the DS program focuses more on managing contingency events, while the IRM program emphasizes development of an inventory and database to help restore systems operations after a disruption. We nonetheless found that these plans have redundant requirements for meeting the same objectives, indicating a lack of oversight and coordination throughout the Department. Consolidation and integration of these programs would be appropriate for consistent IT contingency planning at headquarters, as well as at embassies and consulates abroad. This will be key to supporting not just the CCP, but systems security management in general within the Department’s overall IT infrastructure.

Need for Improved CCP Security Planning Underscored in Recent Reports

Addressing these CCP security issues is essential, especially given increasing risks to information processing in the current technology age.
Rapid expansion in computer interconnectivity poses significant risk of malicious intrusions into inadequately protected systems. Heightened dependence on automation to process sensitive information and conduct mission-critical business also enhances the need to control management and ensure proper use and functioning of computer networks hosted in U.S. missions abroad.

The need for effective CCP risk management strategies is underscored by recent OIG reports on a range of deficiencies in the Department’s information security management environment. Specifically, our recent report on the Department’s progress in implementing key requirements of GISRA9 discussed broad deficiencies in information assurance. Both OIG and DS evaluations over the past 2 years identified weak information security management practices at dozens of overseas posts. OIG indicated, for example, that only 10 of the 35 posts in one region reviewed by OIG security teams in 1999 and 2000 had adequate information security procedures in place. According to OIG’s survey questionnaire, although 59 percent of the Department’s 371 systems are reported to have risk assessments, only 10 percent are reported to have security plans, as required by GISRA. OIG identified additional concerns with the Department’s progress in developing and implementing its cyber-based critical infrastructure protection plan, as mandated by Presidential Decision Directive 63.
According to DS officials, many of the reported information security issues are systemic and require a change in culture of the Department’s systems management and users in order to be resolved.

Further, several OIG inspection reports in recent months identified C-LAN-specific management deficiencies in both the outdated Banyan and newly modernized C-NT LAN environments. These deficiencies include a lack of configuration management, access controls, and IT contingency planning, as discussed above. DS evaluations of classified operations at posts also identified deficiencies with C-NT LAN equipment. As part of our review, we studied a random sample of 21 DS reports from IT evaluations in the past 2-3 years and found instances where C-LAN servers had been locking up and showed signs of imminent system failure. The DS evaluation reports identified locations where C-LAN equipment without back-up programs also had the potential for network failures. DS evaluations we reviewed found that sometimes C-LAN users were not establishing passwords correctly to guard access to their workstations. The evaluations included discussions of embassies that did not have security settings for the C-LAN in accordance with the Department’s Windows NT configuration standards. When done correctly, these settings help safeguard the integrity of information on the system from risk of compromise. Further, DS found a virus on one embassy’s classified system.
These are all issues that could be addressed through improved information security planning and risk management strategies as C-LAN modernization continues.

9 Senior Management Attention Needed to Ensure Effective Implementation of the Government Information Security Reform Act, Office of Inspector General, U.S. Department of State, Memorandum Report 01-IT-M-082, September 2001.

   Recommendation 1: The Bureaus for Information Resource Management and Diplomatic Security should develop a documented strategy and schedule for C-LAN certification and accreditation to help identify and manage risks to secure classified processing at overseas posts.

   Recommendation 2: The Bureau of Information Resource Management should coordinate and consolidate its information technology contingency planning training and support activities with similar activities in other Department organizations to ensure that standardized approaches are used to develop and implement plans for safeguarding modernized classified processing operations in case of unexpected disruptions at overseas posts.

DEPARTMENT COMMENTS AND OUR EVALUATION
We obtained comments on a draft of this report from the Office of the Under Secretary for Management and the Bureaus of Information Resource Management and Diplomatic Security.
We have incorporated their comments where appropriate and included copies of their comments at Appendix B.

In its comments, the Office of the Under Secretary for Management stated that it believed that a recommendation included in the draft report, which advised the office to ensure timely funding to help address identified risks and complete overseas C-LAN modernizations by the December 2003 deadline, was inappropriate. The office stated that connectivity, both classified and unclassified, is already the Secretary’s highest IT priority and that instructions to implement the CCP are clear, requiring no recommendation from OIG in this regard. We deleted the recommendation from the report because, in contrast to prior years’ uncertainties, the CCP funding outlook now appears more positive. By conference agreement on November 9, 2001, the Congress appropriated funds for Department programs, specifying approximately $107 million for the replacement of computer and communications equipment that posts use for classified operations. The Department is now preparing a financial plan, which it will use to allocate funds in accordance with Congressional direction. The Under Secretary for Management will have responsibility for the final IT funding decisions based on recommendations of other senior managers in the Department.

IRM and DS responses to Recommendation 1, directed to both their bureaus, do not adequately address our concerns about the approach to managing CCP information security risks.
Specifically, IRM officials agreed with the recommendation, stating that IRM and DS have already developed preliminary strategies related to C-LAN certification and accreditation and have outlined an approach for joint implementation with the OpenNet Plus program. DS officials indicated that the Department has an established program for certification and accreditation of its classified and unclassified IT systems in compliance with Department and national directives. Further, DS officials discussed their commitment to independent verification and validation of the OpenNet Plus implementation project, which they believe will support the Department’s certification and accreditation process scheduled to begin FY 2003.

We acknowledge the Department’s development of a certification and accreditation process and its preliminary strategies for joint certification and accreditation of the Department’s IT priority projects, and discuss these issues above. Though the preliminary strategies that IRM officials cited are a start, as discussed above, IRM and DS have not developed detailed and documented strategies on how the certification and accreditation process will be applied to help manage CCP information security risks.

IRM and DS provided conflicting responses to Recommendation 2, also directed to both bureaus. Specifically, IRM officials agreed with the recommendation, stating that CCP managers are currently soliciting contingency plans from locations that have modern C-LAN equipment as a means of developing a template to facilitate plan creation at other posts.
IRM officials further stated that foreign affairs guidance already requires coordination of IT contingency plans with emergency action plans and that they are working closely with DS officials in this regard. In their response, however, DS officials stated that, per agreements with the Office of Management, oversight of the development and implementation of security and contingency plans is the responsibility of IRM, not DS. We recognize the division in computer security roles and responsibilities and take no issue with this in our report. Rather, as discussed above, our concern focuses on the existence of redundant IT contingency programs and toolkits—including technical training provided by the DS Training Center—and the lack of adequate IT contingency plans at all overseas posts. We have revised our report to recommend that IRM coordinate and consolidate its IT contingency planning program with related activities in other Department organizations to help promote consistent IT contingency planning to support not just the CCP, but the Department’s overall IT infrastructure.

APPENDIX A

PURPOSE, SCOPE, AND METHODOLOGY

The number one goal in the Department’s Strategic IT Plan, FY 2001-FY 2005, is instituting a secure global communications network and IT infrastructure to help meet the challenge of e-diplomacy in the new millennium.
The CCP is helping to meet this challenge by providing a commercial-style network and modern hardware and software for classified information processing and exchange at the desktop level. The Secretary’s call for enhanced capabilities in the Department through the use of state of the art information technology provides the impetus for accomplishing the CCP within the next 2 years.

In accordance with our goal of helping to ensure more effective, efficient, and secure operations and infrastructures within the Department, OIG conducted a review of the Department’s approach to CCP implementation. Specific objectives of our survey were to: (1) determine what, if any, security or operational problems are inherent in current classified local area networks overseas; (2) assess the Department’s approach to planning and implementing its C-LAN systems modernization via the Classified Connectivity Program; and (3) identify what changes may be needed to the Department’s modernization approach.

To fulfill our review objectives, we conducted web research to obtain background information on the Department’s existing C-LAN infrastructure overseas, ongoing activities to improve classified connectivity, and criteria to govern these modernization activities. We examined a range of IT and security guidance, including Federal laws and policies, executive directives, Department regulations, and accepted project methodologies, that could be applied to the C-LAN implementation approach. We used these criteria to assess CCP management information obtained through discussions with and documentation provided by officials from various offices within IRM.

We also met with DS officials to discuss the Department’s approach to identifying the risks and managing the security of the classified system.
We interviewed officials in the Bureau of Administration to talk about CCP acquisition and logistics management issues. Senior managers in the Bureau of Financial Management and Policy told us about funding and budgeting for the program. Officials in DTS-PO told us about plans to provide the bandwidth needed to support classified information processing overseas. Further, we met with officials from selected regional bureaus within the Department to learn about problems experienced with existing classified networks, their role in CCP implementation, and benefits derived from the modernization efforts.

This review was an initial, high-level evaluation of ongoing CCP activities to gain an understanding of the planning and implementation approach and to identify general areas for potentially improving program direction. As such, we limited our review to an assessment of efforts to deploy equipment for the CCP. We did not visit posts to assess actual CCP installations, operations, or maintenance. We also did not conduct full assessments of the related SIPRNET router-based network or applications such as CableXpress that the C-LAN will support.

We conducted our review from March to September 2001 at the Department in Washington, DC. We performed our work in accordance with generally accepted government auditing standards. Major contributors to this report were Frank Deffer, Sondra McCauley, Cassandra Moore, Tim Fitzgerald, and Sharon Hunter. Comments or questions about the report can be directed to Frank Deffer, IT Evaluations and Operations, at defferf@state.gov or (703) 284-2715.